ISC2 regularly updates to the CISSP Detailed Content Outline (DCO) following a new job task analysis (JTA) process, to keep the exam aligned to real-world job role expectations.
Effective from April 15, 2024, ISC2 will refresh the CISSP credential exam. ISC2 regularly updates the exams and domain weighting for its certifications.
The updates to the CISSP exam are a result of the latest Job Task Analysis (JTA), which is run on a triennial cycle as an analysis of the current content of the credential, evaluated by ISC2 members to ensure it accurately reflects cybersecurity job roles and tasks.
As a result of the insights and changes prompted by the JTA, the domain weights for the CISSP will change as follows:
Current (Effective May 1, 2021) |
Effective April 15, 2024 |
||
1 |
Security and Risk Management |
15% |
16% |
2 |
Asset Security |
10% |
10% |
3 |
Security Architecture and Engineering |
13% |
13% |
4 |
Communication and Network Security |
13% |
13% |
5 |
Identity and Access Management (IAM) |
13% |
13% |
6 |
Security Assessment and Testing |
12% |
12% |
7 |
Security Operations |
13% |
13% |
8 |
Software Development Security |
11% |
10% |
Total: |
100% |
100% |
What Has Changed?
Domain 1, Security and Risk Management, has increased in weight from 15% to 16%. Domain 8, Software Development Security, has decreased in weight from 11% to 10%. All other domain weights remain the same.
In addition to the domain weighting changes, the time limit for the computerized adaptive testing (CAT) exam will be a maximum of three hours beginning April 15, 2024. Candidates taking the CAT version of the exam (currently only available in English) will see a minimum of 100 and a maximum of 150 items. The linear (Chinese, German, Japanese, Korean and Spanish) exam length will remain six hours. Candidates taking the linear version of the exam will receive 225 total items.
Why Are Things Changing?
Given the rate of evolution within the cybersecurity sector, its necessary to regularly review and update credential exams to maintain alignment with trends, issues, threats and technologies. We have an obligation to members to maintain the relevancy of our credentials using standardized and repeatable processes such as the JTA.
This ensures that the exam items and subsequent continuing professional education requirements fully encompass the topic areas relevant to the roles and responsibilities of today's practicing cybersecurity professionals.
More detailed differences to the tasks and subtasks can be found in the exam outline.
- For more information about the changes, please visit our full FAQ here.
- Purchase your exam voucher with Peace of Mind Protection and get the assurance of a second sitting, if needed – when purchased in the month of November.
- Our exams and course content is developed by member volunteers. Find out more about joining our volunteer program and earning CPE credits for your contribution here.